The fix for the HoloLens remote code execution vulnerability, deemed to have a low chance of being exploited, was released as part of yesterday's bundle of more than 50 security updates for Microsoft products.

The HoloLens is a wearable headset that projects digital images into the wearer's view and which is currently only available to select users as a pre-release product. Microsoft calls it a mixed reality headset because it can place digital objects in the real world in a believable manner, for example, putting a 3D model of a trophy on a real-world table.

While the HoloLens update resolves an issue in a piece of kit so new it's unavailable to the general public, Microsoft recently made headlines for patching obsolete technology, when it issued an extraordinary update for Windows XP, which left mainstream support in 2014.

In total, more than 50 vulnerabilities were fixed by yesterday's patch, including 19 flaws deemed to be critical. Of the critical flaws, six enabled remote code execution.

ZDI highlights one critical flaw that it expects to be seen being used in phishing campaigns. The vulnerability, deemed likely to be exploited, allows an attacker to remotely execute code after sharing a folder and a malicious executable file with user.

While four of the more than 50 vulnerabilities are publicly known, none are thought to be being actively exploited at present.

Patches include fixes for Microsoft's web browsers, both for Edge — related to failure to properly parse HTTP content — and Internet Explorer, which was updated with the latest patch for Adobe Flash. There are also updates to resolve code execution bugs in Office and PowerShell. ZDI says that some of the browser-related flaws highlight the dangers of vulnerabilities in the engines used to execute JavaScript, the defacto scripting language of the web.